WW-4697 If DMI is sisabled, exclude action|method params
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/5975b7aa Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/5975b7aa Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/5975b7aa Branch: refs/heads/master Commit: 5975b7aac7c9fd933aec80d3d3450190f9c2e8fd Parents: 5801638 Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Tue Oct 11 10:14:25 2016 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Tue Oct 11 10:14:25 2016 +0200 ---------------------------------------------------------------------- .../com/opensymphony/xwork2/config/impl/MockConfiguration.java | 2 ++ .../xwork2/config/providers/XWorkConfigurationProvider.java | 2 ++ .../xwork2/security/DefaultExcludedPatternsChecker.java | 5 +++-- 3 files changed, 7 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/5975b7aa/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java b/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java index 3148f05..120d3f9 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/impl/MockConfiguration.java @@ -24,6 +24,7 @@ import com.opensymphony.xwork2.inject.Container; import com.opensymphony.xwork2.inject.ContainerBuilder; import com.opensymphony.xwork2.inject.Scope; import com.opensymphony.xwork2.util.location.LocatableProperties; +import org.apache.struts2.StrutsConstants; import java.util.*; @@ -51,6 +52,7 @@ public class MockConfiguration implements Configuration { builder.constant(XWorkConstants.DEV_MODE, "false"); builder.constant(XWorkConstants.RELOAD_XML_CONFIGURATION, "true"); builder.constant(XWorkConstants.ENABLE_OGNL_EXPRESSION_CACHE, "true"); + builder.constant(StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, "false"); container = builder.create(true); } http://git-wip-us.apache.org/repos/asf/struts/blob/5975b7aa/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java b/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java index 89e8f97..0141e62 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java @@ -87,6 +87,7 @@ import com.opensymphony.xwork2.validator.ValidatorFactory; import com.opensymphony.xwork2.validator.ValidatorFileParser; import ognl.MethodAccessor; import ognl.PropertyAccessor; +import org.apache.struts2.StrutsConstants; import java.util.ArrayList; import java.util.Collection; @@ -181,6 +182,7 @@ public class XWorkConfigurationProvider implements ConfigurationProvider { .factory(AcceptedPatternsChecker.class, DefaultAcceptedPatternsChecker.class, Scope.PROTOTYPE) ; + props.setProperty(StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, Boolean.FALSE.toString()); props.setProperty(XWorkConstants.DEV_MODE, Boolean.FALSE.toString()); props.setProperty(XWorkConstants.LOG_MISSING_PROPERTIES, Boolean.FALSE.toString()); props.setProperty(XWorkConstants.ENABLE_OGNL_EXPRESSION_CACHE, Boolean.TRUE.toString()); http://git-wip-us.apache.org/repos/asf/struts/blob/5975b7aa/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java index e8f7282..687d17f 100644 --- a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java +++ b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java @@ -46,9 +46,10 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker { } } - @Inject(value = StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required = false) + @Inject(StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION) public void setDynamicMethodInvocation(String dmiValue) { - if (BooleanUtils.toBoolean(dmiValue)) { + if (!BooleanUtils.toBoolean(dmiValue)) { + LOG.debug("DMI is disabled, adding DMI related excluded patterns"); setAdditionalExcludePatterns("^(action|method):.*"); } }
